this post was submitted on 01 Jan 2024
20 points (83.3% liked)
Security
5042 readers
10 users here now
Confidentiality Integrity Availability
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It only works on chosen cyphertexts. They don't specify is that means "any file, but the attacker has to get access to it" or if it means "this very specific file that we made in order to do this attack".
The former being much more dangerous than the latter of course.
According to the FAQ:
Which sounds to me like the latter?
but, you surely will agree, this is pretty devastating for any target. known cleartext may be trivial to insert into a targets workflow, and the confirmed recovery of a private key is potentially a massive payoff.
the ability to process and extract sensitive information from the local environment has gotten seriously scary.